Feature/threat lookup magnifier button (#5044)

* Update Makefile * Update pkg-descr * Update security/q-feeds-connector/pkg-descr Co-authored-by: Franco Fichtner <franco@lastsummer.de> * Update security/q-feeds-connector/Makefile Co-authored-by: Franco Fichtner <franco@lastsummer.de> * Add threat lookup magnifier buttons to events table - Add magnifier buttons next to source and destination IP addresses in events table - Buttons open Threat Intelligence Portal in new tab with IP pre-filled - Automatically triggers search when TIP page loads - Buttons are right-aligned in their respective columns - Works for both logged-in and logged-out users (with proper redirect handling) * Update pkg-descr * Refactor formatters to use template literals (backticks) for better readability Addresses reviewer feedback to use template literals instead of string concatenation for HTML generation in JavaScript formatters. * Update pkg-descr: consolidate all changes into version 1.3 * Use const instead of var for modern JavaScript best practices Addresses reviewer feedback to use const/let instead of var for better block scoping and to prevent accidental reassignment. --------- Co-authored-by: Franco Fichtner <franco@lastsummer.de>
2025-12-10 10:30:21 -06:00 · 2025-11-24 08:30:14 +01:00 · 2025-11-24 08:30:14 +01:00 · 3897c7316c
commit 3897c7316c
parent 52ec3fd3f9
2 changed files with 40 additions and 4 deletions
--- a/security/q-feeds-connector/pkg-descr
+++ b/security/q-feeds-connector/pkg-descr
@ -2,9 +2,10 @@ Connector for Q-Feeds threat intel

 Plugin Changelog
 ================
-1.3

+1.3
 * Events: added source and destination port
+* Events: added quick Threat Lookup button to dest-ip and source-ip fields
 * Widget: Added license info 

 1.2
--- a/security/q-feeds-connector/src/opnsense/mvc/app/views/OPNsense/QFeeds/index.volt
+++ b/security/q-feeds-connector/src/opnsense/mvc/app/views/OPNsense/QFeeds/index.volt
@ -56,7 +56,42 @@ POSSIBILITY OF SUCH DAMAGE.
            } else if (e.target.id === 'events_tab') {
                if (!$("#grid-events").hasClass('tabulator')) {
                    $("#grid-events").UIBootgrid({
-                        'search': '/api/q_feeds/settings/search_events/'
+                        'search': '/api/q_feeds/settings/search_events/',
+                        'options': {
+                            formatters: {
+                                'source': function(column, row) {
+                                    if (!row.source) return '';
+                                    return `<div style="display: flex; justify-content: space-between; align-items: center;">
+                                        <span>${row.source}</span>
+                                        <button type="button" class="btn btn-xs btn-default threat-lookup-btn bootgrid-tooltip" 
+                                                data-ip="${row.source}" 
+                                                title="Lookup Source IP in Threat Intelligence Portal">
+                                            <span class="fa fa-fw fa-search"></span>
+                                        </button>
+                                    </div>`;
+                                },
+                                'destination': function(column, row) {
+                                    if (!row.destination) return '';
+                                    return `<div style="display: flex; justify-content: space-between; align-items: center;">
+                                        <span>${row.destination}</span>
+                                        <button type="button" class="btn btn-xs btn-default threat-lookup-btn bootgrid-tooltip" 
+                                                data-ip="${row.destination}" 
+                                                title="Lookup Destination IP in Threat Intelligence Portal">
+                                            <span class="fa fa-fw fa-search"></span>
+                                        </button>
+                                    </div>`;
+                                }
+                            }
+                        }
+                    });
+                    
+                    // Add click handler for threat lookup button
+                    $(document).on('click', '.threat-lookup-btn', function() {
+                        const ip = $(this).data('ip');
+                        if (ip) {
+                            const tipUrl = 'https://tip.qfeeds.com/views/threat-lookup/index.php?q=' + encodeURIComponent(ip);
+                            window.open(tipUrl, '_blank');
+                        }
                    });
                } else {
                    $("#grid-events").bootgrid("reload");
@ -109,9 +144,9 @@ POSSIBILITY OF SUCH DAMAGE.
                    <th data-column-id="timestamp" data-type="string">{{ lang._('Timestamp') }}</th>
                    <th data-column-id="interface" data-type="string">{{ lang._('Interface') }}</th>
                    <th data-column-id="direction" data-type="string">{{ lang._('Direction') }}</th>
-                    <th data-column-id="source" data-type="string">{{ lang._('Source') }}</th>
+                    <th data-column-id="source" data-type="string" data-formatter="source">{{ lang._('Source') }}</th>
                    <th data-column-id="source_port" data-type="string">{{ lang._('Source Port') }}</th>
-                    <th data-column-id="destination" data-type="string">{{ lang._('Destination') }}</th>
+                    <th data-column-id="destination" data-type="string" data-formatter="destination">{{ lang._('Destination') }}</th>
                    <th data-column-id="destination_port" data-type="string">{{ lang._('Destination Port') }}</th>
                </tr>
            </thead>